start on ecdsa keys

--HG-- branch : ecc
2025-03-09 13:30:45 +00:00 · 2013-04-09 00:36:04 +08:00 · 2013-04-09 00:36:04 +08:00 · 7f091e7019
commit 7f091e7019
parent 4f07805d0a
16 changed files with 157 additions and 84 deletions
--- a/Makefile.in
+++ b/Makefile.in
@ -26,7 +26,8 @@ COMMONOBJS=dbutil.o buffer.o \
 		dss.o bignum.o \
 		signkey.o rsa.o random.o \
 		queue.o \
-		atomicio.o compat.o fake-rfc2553.o ltc_prng.o ecc.o
+		atomicio.o compat.o fake-rfc2553.o \
+		ltc_prng.o ecc.o ecdsa.o crypto_desc.o

 SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \
 		svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \
@ -54,7 +55,7 @@ HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
 		debug.h channel.h chansession.h config.h queue.h sshpty.h \
 		termcodes.h gendss.h genrsa.h runopts.h includes.h \
 		loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
-		listener.h fake-rfc2553.h
+		listener.h fake-rfc2553.h ecc.h ecdsa.h

 dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@ 
 dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
--- a/algo.h
+++ b/algo.h
@ -93,7 +93,6 @@ struct dropbear_kex {
 	const struct ltc_hash_descriptor *hashdesc;
 };

-void crypto_init();
 int have_algo(char* algo, size_t algolen, algo_type algos[]);
 void buf_put_algolist(buffer * buf, algo_type localalgos[]);

@ -120,6 +119,4 @@ enum {
 	DROPBEAR_COMP_ZLIB_DELAY,
 };

-extern int dropbear_ltc_prng;
-
 #endif /* _ALGO_H_ */
--- a/cli-session.c
+++ b/cli-session.c
@ -36,6 +36,7 @@
 #include "runopts.h"
 #include "chansession.h"
 #include "agentfwd.h"
+#include "crypto_desc.h"

 static void cli_remoteclosed();
 static void cli_sessionloop();
--- a/common-algo.c
+++ b/common-algo.c
@ -33,12 +33,6 @@
 /* This file (algo.c) organises the ciphers which can be used, and is used to
 * decide which ciphers/hashes/compression/signing to use during key exchange*/

-#ifdef DROPBEAR_LTC_PRNG
-	int dropbear_ltc_prng = -1;
-#endif
-
-
-
 static int void_cipher(const unsigned char* in, unsigned char* out,
 		unsigned long len, void* UNUSED(cipher_state)) {
 	if (in != out) {
@ -255,70 +249,6 @@ algo_type sshkex[] = {
 	{NULL, 0, NULL, 0, NULL}
 };

-
-/* Register the compiled in ciphers.
- * This should be run before using any of the ciphers/hashes */
-void crypto_init() {
-
-	const struct ltc_cipher_descriptor *regciphers[] = {
-#ifdef DROPBEAR_AES
-		&aes_desc,
-#endif
-#ifdef DROPBEAR_BLOWFISH
-		&blowfish_desc,
-#endif
-#ifdef DROPBEAR_TWOFISH
-		&twofish_desc,
-#endif
-#ifdef DROPBEAR_3DES
-		&des3_desc,
-#endif
-		NULL
-	};
-
-	const struct ltc_hash_descriptor *reghashes[] = {
-		/* we need sha1 for hostkey stuff regardless */
-		&sha1_desc,
-#ifdef DROPBEAR_MD5_HMAC
-		&md5_desc,
-#endif
-#ifdef DROPBEAR_SHA256
-		&sha256_desc,
-#endif
-#ifdef DROPBEAR_SHA384
-		&sha384_desc,
-#endif
-#ifdef DROPBEAR_SHA512
-		&sha512_desc,
-#endif
-		NULL
-	};	
-	int i;
-	
-	for (i = 0; regciphers[i] != NULL; i++) {
-		if (register_cipher(regciphers[i]) == -1) {
-			dropbear_exit("Error registering crypto");
-		}
-	}
-
-	for (i = 0; reghashes[i] != NULL; i++) {
-		if (register_hash(reghashes[i]) == -1) {
-			dropbear_exit("Error registering crypto");
-		}
-	}
-
-#ifdef DROPBEAR_LTC_PRNG
-	dropbear_ltc_prng = register_prng(&dropbear_prng_desc);
-	if (dropbear_ltc_prng == -1) {
-		dropbear_exit("Error registering crypto");
-	}
-#endif
-
-#ifdef DROPBEAR_ECC
-	ltc_mp = ltm_desc;
-#endif
-}
-
 /* algolen specifies the length of algo, algos is our local list to match
 * against.
 * Returns DROPBEAR_SUCCESS if we have a match for algo, DROPBEAR_FAILURE
--- a/common-kex.c
+++ b/common-kex.c
@ -35,6 +35,7 @@
 #include "random.h"
 #include "runopts.h"
 #include "ecc.h"
+#include "crypto_desc.h"

 /* diffie-hellman-group1-sha1 value for p */
 const unsigned char dh_p_1[DH_P_1_LEN] = {
--- a/crypto_desc.c
+++ b/crypto_desc.c
@ -0,0 +1,73 @@
+#include "includes.h"
+#include "dbutil.h"
+#include "crypto_desc.h"
+#include "ltc_prng.h"
+
+#ifdef DROPBEAR_LTC_PRNG
+	int dropbear_ltc_prng = -1;
+#endif
+
+
+/* Register the compiled in ciphers.
+ * This should be run before using any of the ciphers/hashes */
+void crypto_init() {
+
+	const struct ltc_cipher_descriptor *regciphers[] = {
+#ifdef DROPBEAR_AES
+		&aes_desc,
+#endif
+#ifdef DROPBEAR_BLOWFISH
+		&blowfish_desc,
+#endif
+#ifdef DROPBEAR_TWOFISH
+		&twofish_desc,
+#endif
+#ifdef DROPBEAR_3DES
+		&des3_desc,
+#endif
+		NULL
+	};
+
+	const struct ltc_hash_descriptor *reghashes[] = {
+		/* we need sha1 for hostkey stuff regardless */
+		&sha1_desc,
+#ifdef DROPBEAR_MD5_HMAC
+		&md5_desc,
+#endif
+#ifdef DROPBEAR_SHA256
+		&sha256_desc,
+#endif
+#ifdef DROPBEAR_SHA384
+		&sha384_desc,
+#endif
+#ifdef DROPBEAR_SHA512
+		&sha512_desc,
+#endif
+		NULL
+	};	
+	int i;
+	
+	for (i = 0; regciphers[i] != NULL; i++) {
+		if (register_cipher(regciphers[i]) == -1) {
+			dropbear_exit("Error registering crypto");
+		}
+	}
+
+	for (i = 0; reghashes[i] != NULL; i++) {
+		if (register_hash(reghashes[i]) == -1) {
+			dropbear_exit("Error registering crypto");
+		}
+	}
+
+#ifdef DROPBEAR_LTC_PRNG
+	dropbear_ltc_prng = register_prng(&dropbear_prng_desc);
+	if (dropbear_ltc_prng == -1) {
+		dropbear_exit("Error registering crypto");
+	}
+#endif
+
+#ifdef DROPBEAR_ECC
+	ltc_mp = ltm_desc;
+#endif
+}
+
--- a/crypto_desc.h
+++ b/crypto_desc.h
@ -0,0 +1,9 @@
+#ifndef _CRYPTO_DESC_H
+#define _CRYPTO_DESC_H
+
+void crypto_init();
+
+extern int dropbear_ltc_prng;
+
+#endif // _CRYPTO_DESC_H
+
--- a/dropbearkey.c
+++ b/dropbearkey.c
@ -188,6 +188,7 @@ int main(int argc, char ** argv) {
 			exit(EXIT_FAILURE);
 		}
 		
+		// TODO: put RSA and DSS size checks into genrsa.c etc
 		if (keytype == DROPBEAR_SIGNKEY_DSS && bits != 1024) {
 			fprintf(stderr, "DSS keys have a fixed size of 1024 bits\n");
 			exit(EXIT_FAILURE);			
--- a/ecc.c
+++ b/ecc.c
@ -7,25 +7,24 @@
 #ifdef DROPBEAR_ECC

 // TODO: use raw bytes for the dp rather than the hex strings in libtomcrypt's ecc.c
-
 #ifdef DROPBEAR_ECC_256
 const struct dropbear_ecc_curve ecc_curve_nistp256 = {
 	.dp = &ltc_ecc_sets[0],
-	.hash_desc = &sha256_desc,
+	.hashdesc = &sha256_desc,
 	.name = "nistp256"
 };
 #endif
 #ifdef DROPBEAR_ECC_384
 const struct dropbear_ecc_curve ecc_curve_nistp384 = {
 	.dp = &ltc_ecc_sets[1],
-	.hash_desc = &sha384_desc,
+	.hashdesc = &sha384_desc,
 	.name = "nistp384"
 };
 #endif
 #ifdef DROPBEAR_ECC_521
 const struct dropbear_ecc_curve ecc_curve_nistp521 = {
 	.dp = &ltc_ecc_sets[2],
-	.hash_desc = &sha512_desc,
+	.hashdesc = &sha512_desc,
 	.name = "nistp521"
 };
 #endif
--- a/ecc.h
+++ b/ecc.h
@ -10,7 +10,7 @@

 struct dropbear_ecc_curve {
 	const ltc_ecc_set_type *dp; // curve domain parameters
-	const struct ltc_hash_descriptor *hash_desc;
+	const struct ltc_hash_descriptor *hashdesc;
 	const char *name;
 };

--- a/ecdsa.c
+++ b/ecdsa.c
@ -0,0 +1,53 @@
+#include "includes.h"
+#include "dbutil.h"
+#include "crypto_desc.h"
+
+#ifdef DROPBEAR_ECDSA
+
+ecc_key *gen_ecdsa_priv_key(unsigned int bit_size) {
+	const ltc_ecc_set_type *dp = NULL; // curve domain parameters
+	// TODO: use raw bytes for the dp rather than the hex strings in libtomcrypt's ecc.c
+	switch (bit_size) {
+#ifdef DROPBEAR_ECC_256
+		case 256:
+			dp = &ltc_ecc_sets[0];
+			break;
+#endif
+#ifdef DROPBEAR_ECC_384
+		case 384:
+			dp = &ltc_ecc_sets[0];
+			break;
+#endif
+#ifdef DROPBEAR_ECC_521
+		case 521:
+			dp = &ltc_ecc_sets[0];
+			break;
+#endif
+	}
+	if (!dp) {
+		dropbear_exit("Key size %d isn't valid. Try "
+#ifdef DROPBEAR_ECC_256
+			"256 "
+#endif
+#ifdef DROPBEAR_ECC_384
+			"384 "
+#endif
+#ifdef DROPBEAR_ECC_521
+			"521 "
+#endif
+			, bit_size);
+	}
+
+	ecc_key *new_key = m_malloc(sizeof(*new_key));
+	if (ecc_make_key_ex(NULL, dropbear_ltc_prng, new_key, dp) != CRYPT_OK) {
+		dropbear_exit("ECC error");
+	}
+	return new_key;
+}
+
+int buf_get_ecdsa_pub_key(buffer* buf, ecc_key *key) {
+
+}
+
+
+#endif // DROPBEAR_ECDSA
--- a/ecdsa.h
+++ b/ecdsa.h
--- a/options.h
+++ b/options.h
@ -137,6 +137,7 @@ much traffic. */
 #define DROPBEAR_DSS

 #define DROPBEAR_ECDH
+#define DROPBEAR_ECDSA

 /* RSA can be vulnerable to timing attacks which use the time required for
 * signing to guess the private key. Blinding avoids this attack, though makes
--- a/signkey.h
+++ b/signkey.h
@ -51,6 +51,9 @@ struct SIGN_key {
 #ifdef DROPBEAR_RSA
 	dropbear_rsa_key * rsakey;
 #endif
+#ifdef DROPBEAR_ECDSA
+	ecc_key *ecckey;
+#endif
 };

 typedef struct SIGN_key sign_key;
--- a/svr-session.c
+++ b/svr-session.c
@ -39,6 +39,7 @@
 #include "service.h"
 #include "auth.h"
 #include "runopts.h"
+#include "crypto_desc.h"

 static void svr_remoteclosed();

--- a/sysoptions.h
+++ b/sysoptions.h
@ -60,10 +60,13 @@
 #define DROPBEAR_SUCCESS 0
 #define DROPBEAR_FAILURE -1

-#define DROPBEAR_SIGNKEY_ANY 0
-#define DROPBEAR_SIGNKEY_RSA 1
-#define DROPBEAR_SIGNKEY_DSS 2
-#define DROPBEAR_SIGNKEY_NONE 3
+enum {
+	DROPBEAR_SIGNKEY_ANY,
+	DROPBEAR_SIGNKEY_RSA,
+	DROPBEAR_SIGNKEY_DSS,
+	DROPBEAR_SIGNKEY_ECDSA,
+	DROPBEAR_SIGNKEY_NONE,
+};

 /* Required for pubkey auth */
 #if defined(ENABLE_SVR_PUBKEY_AUTH) || defined(DROPBEAR_CLIENT)